Iran regime hacking campaign revealed

Iranian hackers spent the weeks prior to the US’s reimposement of sanctions on Iran in November trying to break into the personal emails of American officials given the job of enforcing the sanctions, the Associated Press has found, which is yet another sign about how cyber espionage is deeply embedded in US-Iran relations.

The AP used data from London-based cybersecurity company Certfa to track how the so-called Charming Kitten hacking group spent over a month trying to break into the private emails of over a dozen US Treasury officials. Other targets included high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, Arab atomic scientists, Iranian civil society figures, and DC think tank employees.

Frederick Kagan, a scholar at the American Enterprise Institute, said: “Presumably, some of this is about figuring out what is going on with sanctions… This is a little more worrisome than I would have expected.”

Certfa found the hit list after Charming Kitten mistakenly left one of its servers open, allowing researchers to extract a list of 77 Gmail and Yahoo addresses targeted by the hackers; which may only be a fraction of the true number of targets.

It is unknown how many of the accounts were compromised or how they were targeted, but it provides considerable insight into Iran’s priorities.

Certfa linked the hackers to the Iranian government in a report released Thursday, thanks to several operational blunders by the attackers, something backed up by Allison Wikoff, a researcher with Atlanta-based SecureWorks, who has tracked Charming Kitten in the past.

The AP analysis of the targets suggests that the hackers are working in the interests of the Iranian dictatorship, especially given their targeting of nuclear officials.

The target list suggests that Iran is interested in nuclear technology and administration, monitoring officials charged with overseeing America’s nuclear arsenal, and those who have warned about Iran’s nuclear ambitions.

It also includes a number of Iranian targets, notably media workers, an agronomist and a senior employee of the country’s Department of Environment, which signals that the crackdown on journalists and environmentalists is far from over.

The Charming Kitten campaign does not appear to be very sophisticated, relying on the password-stealing technique known as phishing. Targets were sent emails mimicking the look of a security alert from their email provider requiring them to log in to a false site. The login details would then be stored by the hackers and used to log in to the real account at another time.

Many bad things were done to Iran by some really bad people. These criminals will have to be brought to justice.For many generations this country was captive to a corrupt regimes. Iranian people had to find ways to survive ... ReadMore +